SHA256: 8b963a5a09e8ca510ae1c758cc1377182ea6cc6027d1e142a32585777785831a
File name: 1905213386987886907.exe
Detection ratio: 19 / 48
Analysis date: 2013-09-29 13:02:37 UTC ( 3 years, 11 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Tepfer 20130929
AntiVir TR/Kazy.252405.68 20130929
Avast Win32:Morphex [Cryp] 20130929
AVG Win32/Cryptor 20130929
BitDefender Gen:Variant.Kazy.252405 20130929
Bkav HW32.CDB.F6e3 20130927
Emsisoft Gen:Variant.Kazy.252405 (B) 20130929
ESET-NOD32 a variant of Win32/Kryptik.BLIJ 20130929
F-Secure Gen:Variant.Kazy.252328 20130929
Fortinet W32/Zbot.FF!tr 20130929
GData Gen:Variant.Kazy.252405 20130929
Kaspersky HEUR:Trojan.Win32.Generic 20130929
McAfee Artemis!A20AD23E771D 20130929
McAfee-GW-Edition Artemis!A20AD23E771D 20130928
eScan Gen:Variant.Kazy.252405 20130929
Norman ZBot.NNAQ 20130929
Panda Trj/Genetic.gen 20130929
Sophos AV Mal/Generic-S 20130929
VIPRE Trojan.Win32.Generic!BT 20130929
Yandex 20130928
Antiy-AVL 20130929
Baidu-International 20130929
ByteHero 20130928
CAT-QuickHeal 20130928
ClamAV 20130929
Commtouch 20130929
Comodo 20130929
DrWeb 20130929
F-Prot 20130929
Ikarus 20130929
Jiangmin 20130903
K7AntiVirus 20130927
K7GW 20130927
Kingsoft 20130829
Malwarebytes 20130929
Microsoft 20130929
NANO-Antivirus 20130929
nProtect 20130929
PCTools 20130925
Rising 20130929
SUPERAntiSpyware 20130929
Symantec 20130929
TheHacker 20130929
TotalDefense 20130927
TrendMicro 20130929
TrendMicro-HouseCall 20130929
VBA32 20130927
ViRobot 20130928
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-27 13:21:19
Entry Point 0x00009D2C
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
CAUpdateCA
CAGetCertTypeFlags
CAGetCertTypeExtensions
CAFreeCertTypeProperty
CAFreeCAProperty
CAFindByName
CAUpdateCertType
CASetCertTypeKeySpec
CACloseCA
CAEnumCertTypes
CASetCertTypeFlags
CACertTypeSetSecurity
CACreateCertType
CAEnumNextCertType
CASetCertTypeProperty
CARemoveCACertificateType
CACloseCertType
CAAddCACertificateType
CAFreeCertTypeExtensions
CAFindCertTypeByName
CAGetCAProperty
CAGetCertTypeProperty
CAGetCertTypeKeySpec
CAEnumCertTypesForCA
CAGetCertTypePropertyEx
CACertTypeGetSecurity
CASetCertTypeExtension
CreatePropertySheetPageW
PropertySheetW
GetDeviceCaps
DeleteObject
CreateFontIndirectW
GetLastError
IsValidCodePage
LocalReAlloc
FileTimeToSystemTime
RemoveDirectoryW
GlobalFree
GetEnvironmentStringsA
QueryPerformanceCounter
GetTickCount
GetEnvironmentStringsW
GlobalUnlock
lstrcmpiW
lstrlenW
GetProcessId
DeleteCriticalSection
GetStartupInfoA
FileTimeToLocalFileTime
GetDateFormatW
GlobalLock
GetComputerNameW
GetModuleFileNameW
lstrcpyW
WideCharToMultiByte
LoadLibraryW
GetModuleHandleA
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
LocalFree
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
CreateFileW
GlobalAlloc
InterlockedDecrement
IsBadReadPtr
GetSystemWindowsDirectoryW
OutputDebugStringA
SetLastError
InterlockedIncrement
_purecall
malloc
_wcsupr
??1type_info@@UAE@XZ
wcstoul
wcschr
__dllonexit
__RTDynamicCast
_except_handler3
?terminate@@YAXXZ
??2@YAPAXI@Z
_onexit
wcslen
wcscmp
mbstowcs
wcsrchr
_wcsicmp
_adjust_fdiv
??3@YAXPAX@Z
free
wcscat
vswprintf
memmove
wcscpy
wcsstr
_initterm
SetFocus
GetParent
EndDialog
LoadBitmapW
InsertMenuItemW
SetWindowLongW
MessageBoxW
EnableWindow
DialogBoxParamW
GetDlgItemTextA
SendDlgItemMessageW
PostMessageW
SetDlgItemTextW
GetDC
ReleaseDC
SendMessageW
wsprintfW
WinHelpW
LoadStringW
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
RegisterClipboardFormatW
LoadCursorW
LoadIconW
GetWindowLongW
SetCursor
Number of PE resources by type
RT_ICON 6
RT_STRING 3
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
FRENCH CANADIAN 1
NORWEGIAN BOKMAL 1
KOREAN NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:06:27 14:21:19+01:00
FileType Win32 EXE
PEType PE32
CodeSize 44544
LinkerVersion 12.0
EntryPoint 0x9d2c
InitializedDataSize 107520
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 a20ad23e771da6c10554f3410b91439d
SHA1 5d7aa78047fb7e3b97830c7bb103a34380b2218a
SHA256 8b963a5a09e8ca510ae1c758cc1377182ea6cc6027d1e142a32585777785831a
ssdeep 1536:jQrOdPw750ALQwgee9jKAacUhnPCftPW1BAjxsWT79CCqZtt5wUtTwWhss:Hd45TLQL9xInP8WtWTECqZtt5we
File size 98.0 KB ( 100352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2013-09-29 13:02:37 UTC ( 3 years, 11 months ago )
Last submission 2013-09-29 13:02:37 UTC ( 3 years, 11 months ago )
File names wFPOYQHD.xml
cXtqWqIfz.vsd
aa
1905213386987886907.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight